r92887 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r92886‎ | r92887 | r92888 >
Date:21:06, 22 July 2011
Author:aaron
Status:ok (Comments)
Tags:
Comment:
Fix for r86482: throttle password attempts for SpecialChangePassword (uses r92884, r92886 code)
Modified paths:
  • /trunk/phase3/includes/specials/SpecialChangePassword.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/specials/SpecialChangePassword.php
@@ -215,6 +215,11 @@
216216 throw new PasswordError( wfMsg( 'badretype' ) );
217217 }
218218
 219+ $throttleCount = LoginForm::incLoginThrottle( $this->mUserName );
 220+ if ( $throttleCount === true ) {
 221+ throw new PasswordError( wfMsg( 'login-throttled' ) );
 222+ }
 223+
219224 if( !$user->checkTemporaryPassword($this->mOldpass) && !$user->checkPassword($this->mOldpass) ) {
220225 wfRunHooks( 'PrefsPasswordAudit', array( $user, $newpass, 'wrongpassword' ) );
221226 throw new PasswordError( wfMsg( 'resetpass-wrong-oldpass' ) );

Follow-up revisions

RevisionCommit summaryAuthorDate
r92907Follow-up r92887: clear throttle count once the password is accepted as normalaaron22:42, 22 July 2011
r92935MFT r92907,r92894,r92887,r92886,r92884: password reset page fixes. Tweaked to...aaron09:25, 23 July 2011
r94446MFT to REL1_18:...hashar09:27, 14 August 2011

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r92884Refactored code out into incLoginThrottle/clearLoginThrottle functions (for u...aaron20:58, 22 July 2011
r92886Follow-up r92884: mark these functions staticaaron21:04, 22 July 2011

Comments

#Comment by Aaron Schulz (talk | contribs)   21:36, 22 July 2011

'login-throttled' isn't quite the best message - could use improvement.

#Comment by Aaron Schulz (talk | contribs)   08:37, 23 July 2011

Not actually a fix for r86482, but rather older, different, code.

Status & tagging log